
[jetty-users] Problems configuring Jetty for LDAP authentication

Hello,

I am trying to configure Jetty for LDAP authentication.  Can someone tell me what is wrong in my login.conf?

Here is an authentication setup that works under Apache 2.2:

    # Maps the URL prefix /doc/ onto /usr/share/doc/ and protects that directory
    # with HTTP Basic authentication checked against the local LDAP server.
    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
                # No host-based restriction; access is decided by the Require line below.
                Order allow,deny
                Allow from all
           AuthBasicProvider ldap
           AuthUserFile /dev/null
           # Basic sends the user's password base64-encoded on every request, so it
           # is only protected in transit when this location is served over TLS.
           AuthType Basic
           AuthName "Subversion Authentication"
           # Repeats the AuthBasicProvider line above; one of the two is redundant.
           AuthBasicProvider ldap
           # The distinguished name to bind to the directory server
           # NOTE(review): the name suggests an administrative account; a search
           # account with read-only rights would be the least-privilege choice.
           # Confirm what rights this DN actually has.
           AuthLDAPBindDN "cn=admin,dc=exist-db,dc=org"

           # The password for the user above
           # It is stored in clear text, so this file should be readable only by
           # the account that runs httpd.
           AuthLDAPBindPassword "1234"
           # Search base ou=Users,dc=exist-db,dc=org, match on uid, subtree scope,
           # posixAccount entries only. ldap:// on port 389 is unencrypted; the
           # target here is 127.0.0.1, so the bind stays on the local host.
           AuthLDAPUrl "ldap://127.0.0.1:389/ou=Users,dc=exist-db,dc=org?uid?sub?(objectclass=posixAccount)"
           # Group membership is read from memberUid and compared with the login
           # name rather than the user's DN (AuthLDAPGroupAttributeIsDN off).
           AuthLDAPGroupAttribute memberUid
           AuthLDAPGroupAttributeIsDN off
           AuthLDAPCompareDNOnServer off
           AuthzLDAPAuthoritative on
           # Only members of this group are authorized.
           Require ldap-group cn=dba,ou=Groups,dc=exist-db,dc=org

    </Directory>

Here is the Authentication Login Service information in jetty.xml:

    <!-- =========================================================== -->
    <!-- Configure Authentication Login Service                      -->
    <!-- =========================================================== -->
    <!-- Points JAAS at ${jetty.home}/etc/login.conf ("." is used when jetty.home
         is unset). java.security.auth.login.config is a JVM-wide system property,
         so it applies to the whole JVM and not only to this login service. -->
    <Call class="java.lang.System" name="setProperty">
      <Arg>java.security.auth.login.config</Arg>
      <Arg><SystemProperty name="jetty.home" default="." />/etc/login.conf</Arg>
    </Call>

    <!-- Registers a JAASLoginService named "JAASLoginService" as a server bean.
         LoginModuleName selects the login.conf entry to run, so "eXistDB" has to
         match that entry's name exactly.
         NOTE(review): the webapp's realm-name presumably has to match the name
         set here; confirm against web.xml, which is not shown. -->
    <Call name="addBean">
      <Arg>
        <New class="org.eclipse.jetty.plus.jaas.JAASLoginService">
          <Set name="name">JAASLoginService</Set>
          <Set name="LoginModuleName">eXistDB</Set>
        </New>
      </Arg>
    </Call>


My login.conf under Jetty is:

// JAAS entry "eXistDB"; jetty.xml selects it through LoginModuleName.
// It runs Jetty's LdapLoginModule as the only (REQUIRED) module.
eXistDB {
org.eclipse.jetty.plus.jaas.spi.LdapLoginModule REQUIRED
    // NOTE(review): presumably enables extra module logging; switch it off once
    // login works.
    debug="true"
    // Plain LDAP on port 389 with a simple bind: the bind DN and password below
    // cross the connection unencrypted. The target is 127.0.0.1, so this stays
    // on the host; a remote directory would call for useLdaps="true".
    useLdaps="false"
    contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
    hostname="127.0.0.1"
    port="389"
    // Clear-text credential for the bind account: keep this file readable only
    // by the account that runs Jetty.
    bindDn="cn=admin,dc=exist-db,dc=org"
    bindPassword="1234"
    authenticationMethod="simple"
    // false: the module reads userPasswordAttribute through the bind account and
    // compares it itself, so that account needs read access to password values;
    // "true" would instead verify the user by binding as that user.
    // NOTE(review): the log in this post shows the user being found before the
    // LoginException, so the credential comparison is worth checking first;
    // confirm which format userPassword is stored in.
    forceBindingLogin="false"
    // Users: posixAccount entries under ou=Users, looked up by uid.
    userBaseDn="ou=Users,dc=exist-db,dc=org"
    userRdnAttribute="uid"
    userIdAttribute="uid"
    userPasswordAttribute="userPassword"
    userObjectClass="posixAccount"
    // Roles: posixGroup entries under ou=Groups; cn is the role name and
    // memberUid lists the members.
    roleBaseDn="ou=Groups,dc=exist-db,dc=org"
    roleNameAttribute="cn"
    roleMemberAttribute="memberUid"
    roleObjectClass="posixGroup";
};


And I am getting the following error:


14 Jun 2010 10:20:08,143 [qtp2133251039-20] INFO  (Slf4jLog.java [info]:92) - Searching for users with filter: '(&(objectClass={0})({1}={2}))' from base dn: ou=Users,dc=exist-db,dc=org 
14 Jun 2010 10:20:08,145 [qtp2133251039-20] INFO  (Slf4jLog.java [info]:92) - Found user?: true 
14 Jun 2010 10:20:08,152 [qtp2133251039-20] WARN  (Slf4jLog.java [warn]:124) - EXCEPTION  
javax.security.auth.login.LoginException: Login Failure: all modules ignored
	at javax.security.auth.login.LoginContext.invoke(LoginContext.java:936)
	at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698)
	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695)
	at javax.security.auth.login.LoginContext.login(LoginContext.java:594)
	at org.eclipse.jetty.plus.jaas.JAASLoginService.login(JAASLoginService.java:203)
	at org.eclipse.jetty.security.authentication.FormAuthenticator.validateRequest(FormAuthenticator.java:174)
	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:417)
	at org.eclipse.jetty.server.session.SessionHandler.handle(SessionHandler.java:182)
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:933)
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:362)
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:867)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)
	at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:126)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:113)
	at org.eclipse.jetty.server.Server.handle(Server.java:334)
	at org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:559)
	at org.eclipse.jetty.server.HttpConnection$RequestHandler.content(HttpConnection.java:1007)
	at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:747)
	at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:209)
	at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:406)
	at org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:462)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:436)
	at java.lang.Thread.run(Thread.java:636)


